CLAIMS 



What is claimed is: 



5 1. In a system comprising: 

a root entity, the root entity maintaining a root certification authority adapted to 
issue a digital certificate to a first participant and a second participant, the root entity further 
maintaining a central repository; 

the first participant maintaining a first certification authority adapted to issue a 
1 0 digital certificate to a first customer; 

the second participant maintaining a second certification authority adapted to issue a 
digital certificate to a second customer; 

a method for providing authorization services, comprising: 

generating by the second customer an authorization request to confirm the authority 
15 of an individual to act on behalf of the first customer; 

transmitting the authorization request from the second customer to the second 
participant; 

transmitting the authorization request from the second participant to the first 
participant; 

20 retrieving at the first participant information concerning the authority of the 

individual to act on behalf of the first customer and one or more rules for responding to the 
authorization request; 

generating by the first participant an authorization response using the retrieved 
information and rules; 

25 transmitting the response from the first participant to the second participant; and 

transmitting the response from the second participant to the second customer. 



2. The method of claim 1, wherein the authorization request is a dynamic request. 

30 3. The method of claim 1, wherein the authorization request is a static request. 

4. The method of claim 1, wherein the first participant responds to the authorization 
request with a positive response only if the authorization request includes a purchase order 
signed by the individual. 
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5. The method of claim 1, wherein access controls are implemented that limit the 
ability of the second customer to obtain a message format for the authorization request. 

6. The method of claim 1, wherein definition information is used in preparing the 
5 authorization response. 

7. The method of claim 1, wherein mapping information is used in preparing the 
authorization response. 

10 8. The method of claim 7, wherein the mapping information comprises dynamic 
mapping information. 

9. The method of claim 1, wherein the authorization request seeks confirmation that 
the individual is authorized to purchase goods on behalf of the first customer. 

15 

1 0. The method of claim 1 , wherein the authorization request is bundled with a 
certificate validation request for the individual's certificate. 

1 1 . The method of claim 1 , wherein the first participant checks the validity of the first 
20 customer's certificate. 

12. The method of claim 1 , wherein the response indicates the status of the first 
customer's certificate. 

25 13. A method for establishing an authorization service, comprising: 
defining a proposed authorization service; 

presenting the proposed authorization service to a policy management authority; 
receiving approval of the proposed authorization service from the policy 
management authority, whereby the proposed authorization service becomes an approved 
30 authorization service; and 

implementing the approved authorization service. 

14. The method of claim 13, wherein the proposed authorization service comprises a 
messaging specification and implementation rules. 
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15. The method of claim 13, wherein the proposed authorization service is jointly 
developed by a customer and its participant. 

16. The method of claim 13, wherein the proposed authorization service is developed by 
5 a participant and approved by the policy management authority before being offered to a 

customer. 

17. The method of claim 13, wherein the policy management authority is associated 
with a root entity. 

10 

18. The method of claim 13, wherein the approved authorization service is implemented 
within the context of a four-corner model. 
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